Next: , Up: vnc_security


3.10.1 Without passwords

The simplest VNC server setup does not include any form of authentication. For this setup it is recommended to restrict it to listen on a UNIX domain socket only. For example

qemu [...OPTIONS...] -vnc unix:/home/joebloggs/.qemu-myvm-vnc

This ensures that only users on local box with read/write access to that path can access the VNC server. To securely access the VNC server from a remote machine, a combination of netcat+ssh can be used to provide a secure tunnel.